Method, equipment, and system for detecting and authenticating terminal in passive optical network

ABSTRACT

A method, equipment, and operation management system for detecting and authenticating a terminal in a passive optical network are provided. The method includes the following steps. The terminal has a logic registration code. A central office end receives the logic registration code sent by the terminal. The central office end judges whether the logic registration code of the terminal matches with the logic registration code stored at the central office end, and determines that the terminal is a valid terminal if the logic registration code sent by the terminal matches with the logic registration code stored at the central office end. The central office end records a terminal serial number from the valid terminal, and records a terminal identifier assigned to the valid terminal. By using the provided method, equipment, and operation management system, it is unnecessary to statically configure the terminal SN at the central office end, such that the maintenance cost of the central office end and the terminal is lowered, the flexibility of terminal detection and authentication is improved, and the maintainability of the central office end and the terminal is also enhanced.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.15/925,091, filed on Mar. 19, 2018, which is a continuation of U.S.patent application Ser. No. 15/497,029, filed on Apr. 25, 2017 and nowU.S. Pat. No. 9,942,634, which is a continuation of U.S. patentapplication Ser. No. 15/184,661, filed on Jun. 16, 2016 and now U.S.Pat. No. 9,674,172, which is a continuation of U.S. patent applicationSer. No. 14/282,642, filed on May 20, 2014 and now U.S. Pat. No.9,397,777, which is a continuation of U.S. patent application Ser. No.13/770,743, filed on Feb. 19, 2013 and now U.S. Pat. No. 8,774,629,which is a continuation of U.S. patent application Ser. No. 12/604,085,filed on Oct. 22, 2009 and now U.S. Pat. No. 8,406,628, which is acontinuation of International Application No. PCT/CN2008/071619, filedon Jul. 11, 2008, which claims the priority of Chinese PatentApplication No. 200710119103.X, filed on Jul. 13, 2007. Theafore-mentioned patent applications are hereby incorporated by referencein their entireties.

FIELD OF TECHNOLOGY

The present invention relates to a network communication technology, inparticular, to a method, equipment, and system for detecting andauthenticating a terminal in a passive optical network (PON).

BACKGROUND

The PON technique is a point-to-multipoint optical fiber accesstechnique. A PON is generally composed of an optical line terminal (OLT)at the central office end, an optical network unit/optical networkterminal (ONU/ONT) at the user end, and an optical distribution network(ODN). One PON port of the OLT may be accessed by a plurality ofONUs/ONTs. The difference between the ONU and the ONT lies in that theONT is directly located at the user side, while other networks existbetween the ONU and the user side, such as the Ethernet, there-between.

Currently, the detection and authentication on the ONU/ONT are performedduring the registration of the ONU/ONT, and the registration process ofthe ONU/ONT is shown in FIG. 1.

In FIG. 1, Step 1: The OLT sends a message to each ONU/ONT forrequesting the ONU/ONT to report a serial number (SN).

Step 2: The ONU/ONT that receives the above message reports its SN tothe OLT.

Step 3: The OLT receives the SN, and detects the SN, i.e. detects theONU/ONT.

The detection process is implemented as follows. An SN is pre-configuredin the OLT, and the OLT determines whether the received SN matches withthe pre-configured SN. The detection on the ONU/ONT succeeds if thereceived SN matches with the pre-configured SN; the detection on theONU/ONT fails if the received SN does not match with the pre-configuredSN. The OLT sends an ONU-ID corresponding to the SN according to acorresponding relationship between the pre-configured SN and the ONU-IDto the ONU/ONT that is successfully detected. The ONU-ID is unique atone PON port.

Step 4: The OLT performs ranging on the ONU/ONT assigned with theONU-ID.

Step 5: The OLT sends a request message to the ONU/ONT on which theranging is performed, for requesting the ONU/ONT to report a password.

Step 6: The ONU/ONT that receives the request message reports itspassword to the OLT.

Step 7: The OLT performs authentication on the ONU/ONT according to thereceived password, and if the authentication is passed, the registrationof the ONU/ONT succeeds.

During the implementation of the present invention, the inventor findsout the following defects in the prior art.

In the abovementioned detection and authentication on the ONU/ONT, acorresponding relationship between the SN and the ONU-ID should bestatically pre-configured in the OLT. Therefore, the OLT cannotautomatically detect and authenticate the ONU/ONT, so that theflexibility of the detection and authentication of the ONU/ONT is poor.In addition, the SN in the OLT is usually managed by an operationmanagement system. When providing the ONU/ONT to the user, the operationmanagement system records the SN of the provided ONU/ONT, andpre-configures the SN in the OLT. When it is intended to replace theONU/ONT due to problems such as equipment failure, the operationmanagement system updates the SN recorded in the operation managementsystem, and updates the SN in the OLT. That is to say, the operationmanagement system adopts a static management scheme for the SN recordedin the operation management system and the SN in the OLT. This staticmanagement scheme results in an increased maintenance cost of theoperation management system, the OLT, and the ONU/ONT, and thus reducesthe maintainability of the operation management system, the OLT, and theONU/ONT.

SUMMARY

Accordingly, various embodiments of the present invention provide amethod, equipment, and system for detecting and authenticating aterminal in a passive optical network, which realizes the automaticdetection and authentication of the terminal, thereby improving theflexibility of terminal detection and authentication as well asenhancing the maintainability of the central office end and theterminal.

In an embodiment of the present invention, a method for detecting andauthenticating a terminal in the passive optical network is provided.The passive optical network includes an optical line terminal (OLT) anda plurality of optical network units/optical network terminals(ONUs/ONTs). At least one ONU/ONT of the ONUs/ONTs has a logicregistration code, and the method includes the following steps.

The OLT receives the logic registration code sent by the ONU/ONT.

The OLT judges whether the logic registration code sent by the ONU/ONTmatches with a logic registration code stored at the OLT, and determinesthat the ONU/ONT is a valid ONU/ONT if the logic registration code sentby the ONU/ONT matches with the logic registration code stored at theOLT.

The OLT binds a terminal serial number from the valid ONU/ONT and aterminal identifier assigned to the valid ONU/ONT when determining thatthe ONU/ONT is a valid ONU/ONT.

In an embodiment of the present invention, an optical line terminal(OLT) applied to a central office end in the passive optical network isfurther provided. The OLT includes a first storing module, a receivingmodule, a determining module, an assigning module, and a second storingmodule.

The first storing module is adapted to store a logic registration codeof a terminal.

The receiving module is adapted to receive a logic registration code anda terminal serial number sent by the terminal.

The judging module is adapted to judge whether the logic registrationcode received by the receiving module matches with the logicregistration code stored in the first storing module, and output ajudgment result.

The assigning module is adapted to assign a terminal identifier to theterminal and output the terminal identifier.

The second storing module is adapted to store a binding relationshipbetween the terminal serial number received by the receiving module andthe terminal identifier output by the assigning module after the judgingmodule outputs the matched judgment result information.

In an embodiment of the present invention, a system including a passiveoptical network is further provided. The passive optical networkincludes an optical line terminal (OLT) and a plurality of opticalnetwork units/optical network terminals (ONUs/ONTs). At least oneONU/ONT of the ONUs/ONTs has a logic registration code.

the OLT is adapted to receive the logic registration code sent by theONU/ONT, judge whether the logic registration code sent by the ONU/ONTmatches with a logic registration code stored at the OLT, and bind aterminal serial number acquired from the ONU/ONT and a terminalidentifier assigned to the ONU/ONT if the logic registration code sentby the ONU/ONT matches with the logic registration code stored at theOLT.

The receiving and storing module is adapted to receive and store a logicregistration code of the terminal equipment.

The transmitting module is adapted to transmit the logic registrationcode stored in the receiving and storing module to a central office endaccording to a request of the central office end received by theterminal equipment.

Seen from the above technical solutions, in the embodiments of thepresent invention, it is unnecessary to statically configure theterminal serial number at the central office end. Instead, a logicregistration code is adopted during the detection and authenticationprocess, so that after the authentication is passed, the terminal serialnumber acquired from the valid terminal and the terminal identifierassigned to the valid terminal are recorded, and thus the central officeend may automatically detect and authenticate the terminal. Besides, byrecording the terminal serial number acquired from the valid terminaland the terminal identifier assigned to the valid terminal by thecentral office end, the central office end may dynamically manage theterminal serial number and the terminal identifier, so as to reduce themaintenance cost of the central office end and the terminal. Therefore,the technical solutions provided by the embodiments of the presentinvention not only improve the flexibility of terminal detection andauthentication but also enhance the maintainability of the centraloffice end and the terminal.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic view illustrating a registration process of anONU/ONT in the prior art;

FIG. 2 is a schematic view illustrating the process of a method fordetecting and authenticating a terminal according to an embodiment ofthe present invention;

FIG. 3 is a first timing chart of the method for detecting andauthenticating a terminal according to an embodiment of the presentinvention; and

FIG. 4 is a second timing chart of the method for detecting andauthenticating a terminal according to an embodiment of the presentinvention.

DETAILED DESCRIPTION

In an embodiment of the present invention, a logic registration code ofa terminal is employed to realize the automatic detection andauthentication of the terminal. The method for detecting andauthenticating a terminal provided in the embodiments of the presentinvention is illustrated in detail below.

In the embodiments of the present invention, the terminal, such as anONU/ONT, has a corresponding logic registration code. The logicregistration code of the terminal may be assigned by a central officeend to the terminal during a service application of a user. Afterassigning the logic registration code to the terminal, the centraloffice end needs to record the logic registration code assigned to theterminal. For example, an operation management system at the centraloffice end assigns a logic registration code to the terminal, stores theassigned logic registration code, and transmits the logic registrationcode that is assigned to the terminal to an OLT at the central officeend. Then, the OLT stores the received logic registration code. Thelogic registration code may be dynamically generated by the centraloffice end. Moreover, the logic registration code is unique within acertain range. For example, under a PON port, the logic registrationcode of the terminal is unique. The logic registration code of theterminal may also be unique in the global range. In the embodiments ofthe present invention, it is not limited whether or not the logicregistration code of the terminal has a unique range, what the specificimplementation manner of the logic registration code is, or whichspecific equipment at the central office end is adapted to generate thelogic registration code.

During the terminal detection and authentication process, the terminalfirst acquires the logic registration code thereof, and then transmitsthe acquired logic registration code to the central office end. In orderto acquire the logic registration code, the terminal may receive anexternally input logic registration code. For example, local commandlines, Web pages, or other means may be provided in the terminal toreceive the externally input logic registration code. The terminal mayalso generate the logic registration code based on a certainpredetermined rule according to the externally input information. Inthis manner, the logic registration code generated by the terminal isidentical to the logic registration code stored at the central officeend. The terminal detection and authentication process may beaccomplished during the registration of the terminal. More specifically,the terminal may transmit the logic registration code to the centraloffice end during the registration. In the embodiments of the presentinvention, it is possible that the terminal detection and authenticationprocess is realized independently or along with other processes.

The terminal may transmit the logic registration code to the centraloffice end by using an existing message, or by using a new messagespecially defined for transmitting the logic registration code.Moreover, during the transmission of the logic registration code, theterminal may transmit the logic registration code by the encryptionmeans or by other means. In the embodiments of the present invention,the specific implementation manner of the existing message and thespecific structure of the newly defined message are not limited herein.

After receiving the logic registration code transmitted from theterminal, the central office end performs authentication on the terminalby using the pre-stored logic registration code and the logicregistration code transmitted from the terminal. For example, thecentral office end determines whether the logic registration codetransmitted from the terminal matches with the pre-stored logicregistration code, and determines that the terminal is a valid terminalif the logic registration code sent from the terminal matches with thelogic registration code stored at the central office end; determinesthat the terminal is an invalid terminal if the logic registration codesent from the terminal dose not match with the logic registration codestored at the central office end.

When judging that the terminal is a valid terminal, the central officeend records the terminal serial number acquired from the valid terminaland the terminal identifier assigned to the valid terminal by thecentral office end. In the embodiments of the present invention, theterminal serial number of the valid terminal recorded at the centraloffice end is acquired from the valid terminal. In view of this, in theembodiments of the present invention, it is unnecessary to pre-configurethe terminal serial number at the central office end. Though, in theembodiments of the present invention, the logic registration code of theterminal is pre-configured at the central office end, when the terminalneeds to be replaced due to problems such as a failure, the logicregistration code in the original terminal may also be used in the newlyreplaced terminal, and the central office end performs authentication onthe terminal based on the logic registration code. Therefore, thecentral office end may automatically detect the valid terminal, andautomatically acquire the terminal serial number and the terminalidentifier of the valid terminal. As such, the process of staticallyconfiguring the serial number of the newly replaced terminal by thecentral office end during the terminal replacement by the user can beavoided.

The central office end may record the terminal identifier of theterminal in the following manners. For example, the central office endmay assign the terminal identifier to the terminal before determiningthat the terminal is the valid terminal, and record the terminalidentifier of the valid terminal after determining that the terminal isthe valid terminal. Or, the central office end may assign the terminalidentifier to the terminal after determining that the terminal is thevalid terminal, and record the terminal identifier of the validterminal. Furthermore, the central office end may assign a temporaryterminal identifier to the terminal before determining that the terminalis the valid terminal, then assign a formal terminal identifier to theterminal after determining that the terminal is the valid terminal, andrecord the formal terminal identifier of the valid terminal. Thetemporary terminal identifier assigned to the terminal may satisfycertain requirements of the registration or ranging of the terminal. Forexample, when the terminal transmits the logic registration code througha message for reporting a password, the terminal is first assigned witha temporary terminal identifier to accomplish the subsequent rangingprocess, and then transmits the logic registration code to the centraloffice end through the message for reporting a password.

The process of recording the terminal serial number of the validterminal by the central office end may be realized in the followingmanner. The OLT records the terminal serial number of the validterminal, or the OLT and other equipments at the central office end suchas the operation management system all record the terminal serial numberof the valid terminal. The OLT may acquire and record the terminalserial number of the valid terminal by receiving the terminal serialnumber transmitted from the valid terminal. The OLT may transmit therecorded terminal serial number of the valid terminal to other networkequipments such as the operation management system at the central officeend, such that the operation management system may acquire and recordthe automatically detected terminal serial number by receiving theterminal serial number of the valid terminal transmitted from the OLT.

The operation management system is capable of managing the terminalserial number and the terminal identifier recorded thereby, and alsoperforming maintenance management on the OLT and the terminal accordingto the terminal serial number and the terminal identifier recordedthereby.

The method for detecting and authenticating a terminal provided in theembodiments of the present invention is illustrated in detail below withthe accompanying drawings.

The process of the method for detecting and authenticating a terminalaccording to the embodiments of the present invention is shown in FIG.2.

In FIG. 2, Step 1: The operation management system generates and storesa logic registration code for an ONU/ONT used by the user who files aservice application. For example, the operation management system storesthe generated logic registration code in a logic registration codedatabase. The operation management system may generate the logicregistration code in a specific format determined by the operationmanagement system. When the operation management system generates thelogic registration code, it is ensured that the generated logicregistration code is unique under a PON port.

Step 2: The operation management system generates a service parameter tobe configured for the ONU/ONT according to the service applied by theuser. The operation management system delivers the service parameter tobe configured for the ONU/ONT and the logic registration code of theONU/ONT to the OLT.

Step 3: The operation management system transmits information about thelogic registration code of the ONU/ONT to the user.

Step 4: After being powered on, the ONU/ONT receives the externallyinput logic registration code. For example, the ONU/ONT receives theexternally input logic registration code by providing local commandlines, Web pages, or through other external media.

Step 5: The ONU/ONT reports the logic registration code to the OLTduring the registration. The OLT receives the logic registration codereported by the ONU/ONT, and determines whether the logic registrationcode reported by the ONU/ONT matches with the logic registration codestored therein. If the logic registration code reported by the ONU/ONTmatches with the logic registration code stored therein, theauthentication succeeds and the OLT determines that the ONU/ONT is thevalid terminal and records the SN acquired from the valid terminal andan ONU-ID (the terminal identifier) assigned to the valid terminal, as aresult, the OLT successfully detects the valid terminal. If the logicregistration code reported by the ONU/ONT does not match with the logicregistration code stored therein, the authentication fails, and the OLTdetermines that the ONU/ONT is the invalid terminal, as a result, theregistration of the terminal terminates.

Step 6: After the registration of the ONU/ONT succeeds, the OLT reportsthe detected terminal SN transmitted from the valid terminal to theoperation management system. The OLT may also report a correspondingrelationship between the SN and the terminal identifier to the operationmanagement system.

Step 7: The operation management system stores the received terminal SN,for example, in an SN database. The operation management system mayperform maintenance management on the OLT and the ONU/ONT according tothe stored terminal SN.

In the above Step 5, the ONU/ONT may transmit the logic registrationcode through a message for reporting a password, i.e. the ONU/ONTcarries the logic registration code in a parameter field of the messagefor reporting a password, and reports the message for reporting apassword to the OLT. The logic registration code may also be transmittedbetween the OLT and the ONU/ONT through a newly set message forrequesting a logic registration code or a message for reporting a logicregistration code. The newly set message for requesting a logicregistration code and the message for reporting a logic registrationcode are both physical layer operation and maintenance (PLOAM) messages.The structures of the aforementioned two newly defined PLOAM messagesare shown in Tables 1 and 2.

TABLE 1 PLOAM message for requesting a logic registration code by theOLT in the downlink direction Message for Requesting Logic RegistrationCode Byte Content Description 1 ONU-ID ONU/ONT ID Index 2 Message IDMessage ID 3-12 Reserved

In Table 1, the ONU-ID of the first byte is configured to carry theONU-ID assigned to the terminal by the central office end, the MessageID of the second byte is configured to identify the message as a messagefor requesting a logic registration code, and the third to the twelfthbytes are reserved bytes.

TABLE 2 PLOAM message for reporting a logic registration code by the OLTin the uplink direction Message for Reporting Logic Registration CodeByte Content Description 1 ONU-ID ONU/ONT ID Index 2 Message ID MessageID 3 Xxxxxxxx Logic Registration Code (Byte 1) 4~11 . . . . . . 12 Xxxxxxxx Logic Registration Code (Byte 10)

In Table 2, the ONU-ID of the first byte is configured to carry theONU-ID assigned to the terminal by the central office end, the MessageID of the second byte is configured to identify the message as a messagefor reporting a logic registration code, and the third to the twelfthbytes are configured to carry the logic registration code of theterminal.

Tables 1 and 2 merely show specific examples of the message forrequesting a logic registration code and the message for reporting alogic registration code. In the embodiments of the present invention,the message for transmitting the logic registration code is not limitedto the above examples.

The aforementioned Step 5 may be realized by the following two methods.

Method 1: an automatic terminal detection and authentication process offirst assigning a temporary ONU-ID and then assigning a formal ONU-ID isshown in FIG. 3.

In FIG. 3, Step 1: The OLT sends a message for requesting to report theSN to all the ONUs/ONTs.

Step 2: The ONU/ONT receives the message for requesting to report the SNsent by the OLT, and reports its SN to the OLT in response to themessage.

Step 3: The OLT receives the SN reported by the ONU/ONT, and determineswhether the SN has been recorded, i.e. determines whether the receivedSN matches with the stored SN. If the OLT determines that the receivedSN has been recorded, Step 9 is performed. If the OLT determines thatthe received SN has not been recorded, the OLT assigns a temporaryONU-ID to the ONU/ONT and sends the temporary ONU-ID to the ONU/ONT, andStep 4 is performed. When the ONU/ONT assigns the temporary ONU-ID, theOLT may select one from the unused ONU-IDs as the temporary ONU-ID.

Step 4: The OLT performs data interaction with the ONU/ONT to which thetemporary ONU-ID is assigned, so as to accomplish the ranging of theONU/ONT assigned with the temporary ONU-ID.

Step 5: The OLT sends a message for requesting a logic registration codeto the ONU/ONT, and the message for requesting a logic registration codemay be realized by a message for requesting a password or a newlydefined message for requesting a logic registration code.

Step 6: The ONU/ONT receives the message for requesting a logicregistration code sent by the OLT, and reports its logic registrationcode to the OLT. The ONU/ONT may carry the logic registration code in amessage for reporting a password and transmit the message to the OLT, orcarry the logic registration code in a newly defined message forreporting a logic registration code and transmit the message to the OLT.

Step 7: The OLT acquires the logic registration code of the ONU/ONT fromthe received message, and checks the acquired logic registration codeaccording to parameters pre-configured by the operation managementsystem, i.e. the OLT determines whether the acquired logic registrationcode matches with the logic registration code stored therein. If theacquired logic registration code matches with the logic registrationcode stored therein, the OLT determines that the ONU/ONT is the validterminal, then records the SN of the ONU/ONT, and terminates theregistration of the ONU/ONT, and Step 8 is performed. If the acquiredlogic registration code does not match with the logic registration codestored therein, the OLT determines that the ONU/ONT is the invalidterminal, then directly terminates the registration, and stopsperforming the subsequent process.

Step 8: The ONU/ONT logs on again to continue the subsequentregistration process, and the ONU/ONT reports its SN to the OLT. The OLTreceives the SN reported by the ONU/ONT, and checks whether the SN hasbeen recorded. If the OLT determines that the received SN has beenrecorded, Step 9 is performed; and if the OLT determines that thereceived SN has not been recorded, the OLT assigns a temporary ONU-ID tothe ONU/ONT and sends the temporary ONU-ID to the ONU/ONT, and Step 4 isperformed.

In Step 8, as the OLT has already recorded the SN of the ONU/ONT, Step 9is performed directly.

Step 9: The OLT finds out a corresponding ONU-ID, and adopts thecorresponding ONU-ID as a formal ONU-ID. The formal ONU-ID may be thetemporary ONU-ID, i.e. the OLT adopts the temporary ONU-ID assignedpreviously to the ONU/ONT as the formal ONU-ID of the ONU/ONT. The OLTmay bind the SN of the ONU/ONT with the formal ONU-ID of the ONU/ONT.

Step 10: The OLT assigns the found formal ONU-ID to the ONU/ONT.

Step 11: The OLT performs data interaction with the ONU/ONT to which theformal ONU-ID is assigned, so as to accomplish the ranging of theONU/ONT assigned with the formal ONU-ID.

Step 12: The OLT performs data interaction with the ONU/ONT to which theformal ONU-ID is assigned, so as to accomplish the registration of theONU/ONT, and after the registration succeeds, Step 13 is performed.

Step 13: The OLT performs data interaction with the ONU/ONT thatsucceeds in the registration, so as to configure service parameters forthe ONU/ONT that succeeds in the registration.

In the above description of FIG. 3, the logic registration code of theONU/ONT may be the ONU-ID of the ONU/ONT, i.e. in the above Step 6 shownin FIG. 3, the logic registration code reported to the OLT by theONU/ONT is the ONU-ID of the ONU/ONT.

That is to say, in the above Step 1 shown in FIG. 2, the logicregistration code generated by the operation management system for theONU/ONT used by the user who files the service application is theONU-ID.

Certainly, in the above description of FIG. 3, the logic registrationcode of the ONU/ONT may also be different from the ONU-ID of theONU/ONT. In the embodiments of the present invention, the specificimplementation manner of the logic registration code of the ONU/ONT isnot limited herein.

In addition, in the above description of FIG. 3, the operationmanagement system and the OLT may identify the terminal through amanagement terminal identifier, and the OLT and the ONU/ONT may identifythe terminal through the ONU-ID. The management terminal identifier mayadopt the ONU-ID or any other identifier. When the management terminalidentifier between the operation management system and the OLT adoptsthe ONU-ID, the operation management system, the OLT, and the ONU/ONTall employ the ONU-ID to identify the ONU/ONT.

Method 2: the process of first assigning the ONU-ID and thenautomatically detecting and authenticating the terminal is shown in FIG.4.

In FIG. 4, Step 1: The OLT sends a message for requesting to report theSN to all the ONUs/ONTs.

Step 2: The ONU/ONT receives the message for requesting to report the SNsent by the OLT, and reports its SN to the OLT in response to themessage.

Step 3: After receiving the SN reported by the ONU/ONT, the OLT selectsone from the unused ONU-IDs as a formal ONU-ID, and assigns the selectedONU-ID to the ONU/ONT.

Step 4: The OLT performs data interaction with the ONU/ONT to which theONU-ID is assigned, so as to accomplish the ranging of the ONU/ONTassigned with the ONU-ID.

Step 5: The OLT sends a message for requesting a logic registration codeto the ONU/ONT, and the message for requesting a logic registration codemay be realized by a message for requesting a password or a newlydefined message for requesting a logic registration code.

Step 6: The ONU/ONT receives the message for requesting a logicregistration code sent by the OLT, and reports its logic registrationcode to the OLT in response to the message. The ONU/ONT may carry thelogic registration code in a message for reporting a password andtransmit the message to the OLT, or carry the logic registration code ina newly defined message for reporting a logic registration code andtransmit the message to the OLT.

Step 7: The OLT acquires the logic registration code of the ONU/ONT fromthe received message, and checks the acquired logic registration codeaccording to parameters pre-configured by the operation managementsystem, i.e. the OLT determines whether the acquired logic registrationcode matches with the logic registration code stored therein. If theacquired logic registration code matches with the logic registrationcode stored therein, the OLT determines that the ONU/ONT is the validterminal, then records the serial number of the ONU/ONT, and binds theserial number of the ONU/ONT with the ONU-ID of the ONU/ONT, and Step 8is performed. If the acquired logic registration code does not matchwith the logic registration code stored therein, the OLT determines thatthe ONU/ONT is the invalid terminal, then directly terminates theregistration, and stops performing the subsequent process.

Step 8: The OLT performs data interaction with the valid ONU/ONT, so asto accomplish the registration of the ONU/ONT, and after theregistration succeeds, Step 9 is performed.

Step 9: The OLT performs data interaction with the ONU/ONT that succeedsin the registration, so as to configure service parameters for theONU/ONT that succeeds in the registration.

Step 10: When intending to log out, the ONU/ONT sends a log-out messageto the OLT.

Step 11: The OLT receives the log-out message sent by the ONU/ONT, andreleases the binding relationship between the SN of the ONU/ONT and theONU-ID of the ONU/ONT.

In the above description of FIG. 4, the operation management system andthe OLT may identify the terminal through a management terminalidentifier, and the OLT and the ONU/ONT may identify the terminalthrough the ONU-ID. The management terminal identifier may adopt theONU-ID or any other identifier. When the management terminal identifierbetween the operation management system and the OLT does not adopt theONU-ID, the OLT in Step 7 binds the SN of the ONU/ONT, the ONU-ID of theONU/ONT, and the management terminal identifier of the ONU/ONT, and inStep 11, the OLT releases the binding relationship of the SN of theONU/ONT, the ONU-ID of the ONU/ONT, and the management terminalidentifier of the ONU/ONT.

Seen from the above description of the method, in the embodiments of thepresent invention, it is unnecessary to statically configure theterminal serial number in the OLT at the central office end or theoperation management system. Instead, a logic registration code isadopted during the detection and authentication process, so that afterthe authentication is passed, the terminal serial number acquired fromthe valid terminal and the terminal identifier assigned to the validterminal are recorded, and thus the OLT at the central office end mayautomatically detect and authenticate the terminal. Besides, the OLTtransmits the terminal serial number and the terminal identifieracquired through automatic detection and authentication to the operationmanagement system, so that the operation management system maydynamically acquire the terminal serial number and the terminalidentifier, and the process of statically configuring the terminalserial number and the terminal identifier by the operation managementsystem is avoided. When the terminal needs to be replaced due toproblems such as a failure, the logic registration code in the originalterminal may also be used in the newly replaced terminal, and therebythe process of statically reconfiguring the terminal serial number bythe operation management system due to the replacement of the terminalis avoided. Based on the above, the operation management system maydynamically manage the terminal serial number and the terminalidentifier, and easily maintain the OLT and the terminal by using thedynamically acquired terminal serial number and the terminal identifier.Therefore, the maintenance cost of the operation management system, theOLT, and the terminal is lowered, the flexibility of terminal detectionand authentication is improved, and the maintainability of the centraloffice end and the terminal is also enhanced.

In an embodiment of the present invention, a network equipment locatedat the central office end in the PON is also provided. The networkequipment may be an OLT at the central office end, and includes a firststoring module, a receiving module, a judging module, an assigningmodule, and a second storing module.

The first storing module is adapted to store a logic registration codeof a terminal. The logic registration code stored in the first storingmodule may be configured by an operation management system at thecentral office end.

The receiving module is adapted to receive a logic registration code anda terminal serial number sent from the terminal. The receiving modulemay request the terminal serial number and the logic registration codefrom the terminal, and then receive the terminal serial number and thelogic registration code transmitted from the terminal according to therequest.

The judging module is adapted to judge whether the logic registrationcode received by the receiving module matches with the logicregistration code stored in the storing module, so as to judge whetherthe terminal is the valid terminal or not. The judging module outputs ajudgment result, i.e. the judging module outputs information aboutmatching or not matching.

The assigning module is adapted to assign and output the terminalidentifier to the terminal. The assigning module may assign the terminalidentifier to the terminal before or after the judgment of the judgingmodule.

The second storing module is adapted to store the terminal serial numberreceived by the receiving module and the terminal identifier output bythe assigning module after the judging module outputs the judgmentresult of matching. The terminal serial number and the terminalidentifier stored in the second storing module are the automaticallydetected terminal serial number and the terminal identifier of the validterminal.

The network equipment optionally includes a reporting module. Thereporting module is adapted to report the terminal serial number storedby the second storing module to the operation management system at thecentral office end. The terminal serial number reported by the reportingmodule to the operation management system is the terminal serial numberof the valid terminal automatically detected by the network equipmentwhere the module is located.

According to different implementations of realizing the automaticdetection and authentication, the above assigning module and receivingmodule also have different operation modes. Two specific implementationmethods are illustrated as examples below.

Method 1: The assigning module includes a judging sub-module and anassigning sub-module, and the receiving module includes a firstrequesting sub-module, a second requesting sub-module, and a receivingsub-module.

The first requesting sub-module sends a message for requesting to reportthe SN to all the ONUs/ONTs. The receiving sub-module receives the SNreported by the ONU/ONT. After the receiving sub-module receives the SNreported by the ONU/ONT, the judging sub-module determines whether theSN received by the receiving sub-module has been recorded in the secondstoring module, i.e. determines whether the received SN matches with theSN stored in the second storing module. If it is determined that the SNreceived by the receiving sub-module has been recorded by the secondstoring module, the judging sub-module notifies the assigning sub-moduleto assign a formal ONU-ID, and if it is determined that the SN receivedby the receiving sub-module has not been recorded by the second storingmodule, the judging sub-module notifies the assigning sub-module toassign a temporary ONU-ID.

After receiving the message of assigning the temporary ONU-ID from thejudging sub-module, the assigning sub-module assigns the temporaryONU-ID to the terminal, and triggers the network equipment to performranging on the terminal. The network equipment performs data interactionwith the ONU/ONT to which the temporary ONU-ID is assigned, so as toaccomplish the ranging of the ONU/ONT assigned with the temporaryONU-ID.

After the network equipment accomplishes the ranging, the secondrequesting sub-module sends a message for requesting a logicregistration code to the ONU/ONT. The message for requesting a logicregistration code may be realized by a message for requesting a passwordor a newly defined message for requesting a logic registration code. Thereceiving sub-module acquires the logic registration code reported bythe ONU/ONT from the received message.

After the receiving sub-module receives the logic registration code, thejudging module checks the logic registration code received by thereceiving sub-module according to the logic registration code stored inthe first storing module, i.e. the judging module determines whether thelogic registration code received by the receiving sub-module matcheswith the logic registration code stored in the first storing module. Thejudging module determines that the ONU/ONT is the valid terminal andnotifies the second storing module to record the SN of the ONU/ONT, ifthe logic registration code received by the receiving sub-module matcheswith the logic registration code stored in the first storing module; thejudging module determines that the ONU/ONT is the invalid terminal anddirectly terminates the registration process, if the logic registrationcode received by the receiving sub-module does not match with the logicregistration code stored in the first storing module.

The ONU/ONT logs on again to perform the subsequent registrationprocess, and the ONU/ONT reports its SN to the OLT. After the receivingsub-module receives the SN reported by the ONU/ONT, the judgingsub-module checks whether the SN has been recorded in the second storingmodule. If it is determined that the SN received by the receivingsub-module has been recorded in the second storing module, the judgingsub-module notifies the assigning sub-module to assign the formal ONU-IDto the terminal. If it is determined that the SN received by thereceiving sub-module has not been recorded in the second storing module,the judging sub-module notifies the assigning sub-module to assign thetemporary ONU-ID to the terminal.

During the re-log on of the terminal, the second storing module hasrecorded the SN of the ONU/ONT. Therefore, after the receivingsub-module receives the SN, the assigning sub-module finds out theONU-ID, then assigns the found ONU-ID to the terminal as the formalONU-ID, and triggers the network equipment to perform ranging on theterminal.

The network equipment performs data interaction with the ONU/ONT towhich the formal ONU-ID is assigned, so as to accomplish the ranging ofthe ONU/ONT assigned with the formal ONU-ID. The network equipmentperforms data interaction with the ONU/ONT to which the formal ONU-ID isassigned, so as to accomplish the registration of the ONU/ONT. After theregistration succeeds, the OLT performs data interaction with theONU/ONT that succeeds in the registration, so as to assign serviceparameters to the ONU/ONT that succeeds in the registration. Inaddition, when the management terminal identifier between the operationmanagement system and the OLT adopts the ONU-ID, the second storingmodule stores the binding relationship between the SN and the ONU-ID.

Method 2: The receiving module includes a first requesting sub-module, athird requesting sub-module, and a receiving sub-module.

The first requesting sub-module sends a message for requesting to reportthe SN to all the ONUs/ONTs. The receiving sub-module receives the SNreported by the ONU/ONT. After the receiving sub-module receives the SNreported by the ONU/ONT, the assigning module assigns the ONU-ID to theterminal, and triggers the network equipment to perform ranging on theterminal. The network equipment performs data interaction with theONU/ONT to which the ONU-ID is assigned, so as to accomplish the rangingof the ONU/ONT assigned with the ONU-ID.

After the network equipment accomplishes the ranging, the thirdrequesting sub-module sends a message for requesting a logicregistration code to the ONU/ONT. The message for requesting a logicregistration code may by realized by a message for requesting a passwordor a newly defined message for requesting a logic registration code. Thereceiving sub-module acquires the logic registration code reported bythe ONU/ONT from the received message.

After the receiving sub-module receives the logic registration code, thejudging module checks the logic registration code received by thereceiving sub-module according to the logic registration code stored inthe first storing module, i.e. the judging module determines whether thelogic registration code received by the receiving sub-module matcheswith the logic registration code stored in the first storing module. Thejudging module determines that the ONU/ONT is the valid terminal andnotifies the second storing module to record the SN of the ONU/ONT, ifthe logic registration code received by the receiving sub-module matcheswith the logic registration code stored in the first storing module; thejudging module determines that the ONU/ONT is the invalid terminal anddirectly terminates the registration process, if the logic registrationcode received by the receiving sub-module does not match with the logicregistration code stored in the first storing module.

The network equipment performs data interaction with the ONU/ONT towhich the formal ONU-ID is assigned, so as to accomplish theregistration of the ONU/ONT. After the registration succeeds, the OLTperforms data interaction with the ONU/ONT that succeeds in theregistration, so as to assign service parameters to the ONU/ONT thatsucceeds in the registration.

When logging out, the ONU/ONT sends a log-out message to the OLT. Afterthe OLT receives the log-out message sent by the ONU/ONT, the secondstoring module releases the information about the ONU/ONT storedtherein. When the management terminal identifier between the operationmanagement system and the OLT does not adopt the ONU-ID, the informationabout the ONU/ONT stored in the second storing module includes thebinding relationship of the SN of the ONU/ONT, the management terminalidentifier of the ONU/ONT, and the ONU-ID of the ONU/ONT.

In an embodiment of the present invention, an operation managementsystem at the central office end in the PON is further provided. Thesystem includes a logic registration code module and a serial numbermodule.

The logic registration code module is adapted to store the logicregistration code, assign the logic registration code to the user, andtransmit the logic registration code assigned to the user to the OLT.The logic registration code module may transmit the logic registrationcode and the service parameters to the OLT. The detailed description isgiven in the above implementation manner of the method.

The serial number module is adapted to receive the SN of the validterminal transmitted by the OLT. The SN transmitted by the OLT is the SNof the valid terminal automatically detected by the OLT. The serialnumber module may store the received SN in an SN database. The operationmanagement system also includes a module for managing the SN.

In an embodiment of the present invention, a terminal equipment in thePON is further provided. The terminal equipment includes a receiving andstoring module and a transmitting module.

The receiving and storing module is adapted to receive, store, and inputthe logic registration code of the terminal equipment where the moduleis located. The receiving and storing module may receive the externallyinput logic registration code by using local command lines and Web pagesprovided by the terminal equipment or by others manners. The detaileddescription is given in the above implementation manner of the method.

The transmitting module is adapted to send the logic registration codestored in the receiving and storing module to the central office endaccording to the request of the central office end received by theterminal equipment where the module is located. For example, thetransmitting module carries the logic registration code in a message forreporting a password and transmits the message to the OLT. Or, thetransmitting module carries the logic registration code in a newlydefined message specialized for transmitting a logic registration codeand transmits the message to the OLT. The detailed description is givenin the above implementation manner of the method.

Finally, it should be understood that the above embodiments are onlyused to explain, but not to limit the technical solution of the presentinvention. In despite of the detailed description of the presentinvention with referring to above embodiments, it should be understoodthat various modifications, changes or equivalent replacements can bemade by those skilled in the art without departing from the scope of thepresent invention and covered in the claims of the present invention.

What is claimed is:
 1. A method for authenticating a terminal, themethod comprising: receiving, at an optical line terminal (OLT), a firstlogic registration code sent by an optical network units/optical networkterminals (ONUs/ONTs) of a user; judging, at the OLT, whether the firstlogic registration code sent by the ONU/ONT matches with a second logicregistration code stored at the OLT, the second logic registration codebeing assigned by an operation management system, the operationmanagement system being communicatively connected to the OLT and to theuser, and the operation management system being provisioned to the OLT;binding, at the OLT, a terminal serial number from the valid ONU/ONT anda terminal identifier assigned to the valid ONU/ONT after determiningthe ONU/ONT is the valid ONU/ONT and upon the first logic registrationcode sent by the ONU/ONT matching the second logic registration codestored at the OLT.
 2. The method according to claim 1, wherein themethod further comprises: assigning, at the OLT, a temporary terminalidentifier to the ONU/ONT; and performing at least one of registrationand ranging between the OLT and the ONU/ONT assigned the temporaryterminal identifier.
 3. The method according to claim 2, wherein theterminal identifier assigned to the valid ONU/ONT is a formal terminalidentifier of the ONU/ONT, and the formal terminal identifier of theONU/ONT is based on the temporary terminal identifier or is selectedfrom unused terminal identifiers.
 4. The method according to claim 1,wherein the method further comprises: releasing, at the OLT, a bindingrelationship between the terminal serial number of the valid ONU/ONT andthe terminal identifier of the valid ONU/ONT upon receiving a log-outmessage sent by the valid ONU/ONT.
 5. The method according to claim 1,wherein the method further comprises: receiving a password reportingmessage for reporting a password carrying the first logic registrationcode sent by the ONU/ONT; acquiring the first logic registration codefrom the password reporting message at the OLT; receiving a physicallayer operation and maintenance message for reporting the first logicregistration code sent by the ONU/ONT; and acquiring the first logicregistration code from the physical layer operation and maintenancemessage at the OLT.
 6. The method according to claim 1, the methodfurther comprising, after determining the ONU/ONT is the valid ONU/ONT:transmitting, from the OLT to the operation management system, theterminal serial number and a corresponding relationship between theterminal serial number and the terminal identifier.
 7. The methodaccording to claim 1, wherein the method further comprises: binding, atthe OLT, the terminal serial number of the ONU/ONT, the terminalidentifier of the ONU/ONT, and a management terminal identifier of theONU/ONT different from the terminal identifier of the ONU/ONT, themanagement terminal identifier of the ONU/ONT identifying the ONU/ONTbetween the operation management system and the OLT.
 8. The methodaccording to claim 7, wherein the method further comprises releasing, atthe OLT, a binding relationship between the terminal serial number ofthe ONU/ONT, the terminal identifier of the ONU/ONT, and the managementterminal identifier of the ONU/ONT upon receiving a log-out message sentby the valid ONU/ONT.
 9. A passive optical network (PON) system,comprising: an optical line terminal (OLT); and a plurality of opticalnetwork units/optical network terminals (ONUs/ONTs) communicativelycoupled to the OLT, the OLT is configured to: receive a first logicregistration code sent by an ONU/ONT, judge whether the first logicregistration code sent by the ONU/ONT matches with a second logicregistration code stored at the OLT, and bind a terminal serial numberacquired from the ONU/ONT and a terminal identifier assigned to theONU/ONT when the first logic registration code sent by the ONU/ONTmatches with the second logic registration code stored at the OLT; thesecond logic registration code stored at the OLT is assigned by anoperation management system, the operation management system beingcommunicatively connected to the OLT and to the ONU/ONT.
 10. The systemaccording to claim 9, wherein the OLT is configured to acquire the logicregistration code through receiving at least one of: a passwordreporting message for reporting a password, the password reportingmessage carrying the logic registration code; and a physical layeroperation and maintenance (PLOAM) message for reporting the logicregistration code.
 11. The system according to claim 9, wherein the OLTis further configured to: assign and send a temporary terminalidentifier to the ONU/ONT, the temporary terminal identifier beingadapted to meet requirements of the terminal in registration or ranging;assign a formal terminal identifier to the ONU/ONT; and bind theterminal serial number sent by the ONU/ONT with the formal terminalidentifier of the ONU/ONT, the formal terminal identifier of the ONU/ONTbeing based on the temporary terminal identifier or selected from unusedterminal identifiers.
 12. The system according to claim 10, wherein theOLT is further configured to release a binding relationship between theterminal serial number of the valid ONU/ONT and the terminal identifierof the valid ONU/ONT upon receiving an log-out message sent by the validONU/ONT.
 13. The system according to claim 12, wherein the OLT isfurther configured to bind a terminal serial number of the ONU/ONT, theterminal identifier of the ONU/ONT, and a management terminal identifierof the ONU/ONT, the management terminal identifier being different fromthe terminal identifier of the ONU/ONT, the management terminalidentifier of the ONU/ONT identifying the ONU/ONT between the operationmanagement system and the OLT.
 14. The system according to claim 13,wherein the OLT is further configured to release a binding relationshipbetween the terminal serial number of the ONU/ONT, the terminalidentifier of the ONU/ONT, and the management terminal identifier of theONU/ONT upon receiving an log-out message sent by the valid ONU/ONT. 15.An apparatus, comprising: an optical distribution network (ODN); aplurality of optical network units/optical network terminals (ONUs/ONTs)coupled to the ODN; and an optical line terminal (OLT) communicatingwith the plurality of ONUs/ONTs via the ODN; the OLT beingcommunicatively connected to an operation management system provisionedto the OLT; the OLT being configured to: receive a first logicregistration code sent by an ONU/ONT of a user; judge whether the firstlogic registration code sent by the ONU/ONT matches with a second logicregistration code stored at the OLT; and bind a terminal serial numberfrom the valid ONU/ONT and a terminal identifier assigned to the validONU/ONT upon the first logic registration code matching the second logicregistration code, the second logic registration code being assigned bythe operation management system.